Shmoocon 2011

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.

Shmoocon 2011
movies
eye 456
favorite 0
comment 0
Advances in binary analysis and forensics over the past two years have been astonishing. A new era has begun which consists of semi-automated, closed-source analysis on every conceivable software target. There is one relatively untouched area that deserves to be cracked like a nut, namely software loaded on hardware targets such as microcontrollers, complex programmable logic devices (CPLD), field programmable gate arrays (FPGA) and more capable microprocessor cores. We will survey a number of...
Shmoocon 2011
movies
eye 277
favorite 0
comment 0
Got domain admin to a couple of thousand Windows systems? Got an hour to spare? Steal sensitive data from all of these systems simultaneously in under an hour with OpenDLP. OpenDLP is an open source, agent-based, massively distributable, centrally managed data discovery program that runs as a service on Windows systems and is controlled from a centralized web application. The agent is written in C, has no .NET requirements, uses PCREs for pattern matching, reads inside ZIPs like Office 2007 and...
Shmoocon 2011
by Michael Ossmann
movies
eye 201
favorite 0
comment 0
The off-the-shelf Bluetooth adapters didn't do what I wanted, so I built my own. This is the story of how someone with very little knowledge of electronics embarked on a project to build a 2.4 GHz wireless development platform and ultimately succeeded in creating a low cost device that can be used for Bluetooth sniffing and more. Find out how to build your own Ubertooth One, how to use it for Bluetooth experimentation and other things, and catch a glimpse of an exciting future of wireless...
Shmoocon 2011
by John McNabb
movies
eye 171
favorite 0
comment 0
This talk is a “work in progress” which follows up on my DEF CON 18 talk on Cyberterrorism and the Security of the National Drinking Water Infrastructure to focus on the specifics of such wireless meter reading systems and examination of the potential vulnerabilities they may create in the security of the public water supply infrastructure. More and more of the 150,000 US public water systems are installing wireless meter systems, also called AMR (automatic meter reading) and, in some...
Shmoocon 2011
by Scott Dunlop
movies
eye 130
favorite 0
comment 0
Google provides Android developers a nice shrink-wrapped package of tools for writing and testing Android applications without actually purchasing a device. All hackers get from Papa Google is the source code for those fancy tools and an urge to break things. This is an ideal recipe for disaster to occur. In this presentation, Scott Dunlop and IOActive will present research from the evil eye view of perspective of a hacker. Scott will demonstrate how to combine the Android Emulator, associated...
Shmoocon 2011
movies
eye 84
favorite 0
comment 0
Reverse engineering is a complicated process that has a lot of room for improvement. This talk will showcase some improvements to our visualization framework, VERA. New features that decrease the overall time to reverse a program will be shown. New items are a debugger based interface which allows for faster analysis without the need for a hypervisor, integrated trace processing tools, IDA Pro integration, and an API to interface with the display. During the talk I will reverse engineer malware...
Shmoocon 2011
movies
eye 79
favorite 0
comment 0
The Google Web Toolkit (GWT) provides developers with a framework to easily create Rich Internet Applications that use AJAX. The beauty of GWT lies in the ability to write client side components in Java that get automatically compiled into optimized browser JavaScript. Once deployed, this client side code has the ability to perform remote procedure calls to all implemented GWT RPC methods. From an attacker's perspective, GWT introduces several problems. Most notably, GWT RPC requests use a...
Shmoocon 2011
by Georgia Weidman
movies
eye 73
favorite 0
comment 0
Your mom's cellphone has as much power and functionality as all the PCs at my old government job. Thousands of new smartphones are joining the network every month just begging to be made to run indiscernibly slower with just one more root level program. A botnet control scenario is presented in which smartphone bots receive instructions through SMS that are processed by a proxy between the GSM modem and the application layer, making the botnet messages transparent to the user. An Android...
Shmoocon 2011
by Johnny Long
movies
eye 70
favorite 0
comment 0
Johnny hacked. Johnny spoke. Johnny wrote. Johnny fell. Johnny bailed. (To Africa). He was lost. Now he's found. What's the story? Something about hacking. For Charity. Come hear. It's funny. It's sad. It's real. It's what's next. Johnny's bios (like Johnny himself) sometimes go missing. Something resembling both can be found at http://www.hackersforcharity.org
Shmoocon 2011
by Ryan Speers and Ricky Melgares
movies
eye 61
favorite 0
comment 0
ZigBee is a low-power, low-data rate wireless protocol based on IEEE 802.15.4. It connects lightweight embedded technology like HVAC, smart energy, security, and process automation systems, and is an attractive target as it touches the kinetic framework more than other wireless technologies. Techniques for sniffing ZigBee packets have been presented, as have theoretical vulnerabilities in other types of wireless sensor networks, but this talk uses injection and intelligent packet generation to...
Shmoocon 2011
movies
eye 58
favorite 0
comment 0
TCP Stream reassembly is a core function that is required for robust IPS and IDS systems. Snort's stream reassembly implementation (Stream5) has certain flaws that limit the protection capabilities. In this paper we conduct a detailed analysis of the state tracking and stream reassembly functionality of the open source IPS/IDS - Snort - with a focus on prevention capabilities. Our work aims to highlight the flaws in order to shed light as well as suggest possible alternative approaches so as to...
Shmoocon 2011
movies
eye 55
favorite 0
comment 0
A business capability is a functional unit within a business that is comprised of four layers: policies, people, processes, and technologies. Policies provide governance. People provide judgment, expertise, and exception handling. Processes provide repeatability. Technologies remove people from the processes and provide automation. The four layers comprise a business capability stack (BCStack). You can model a corporate bureaucracy as a system of BCStacks. BCStack exchange information and...
Shmoocon 2011
by Enno Rey & Daniel Mende
movies
eye 48
favorite 0
comment 0
In 2010 a number of practical high-profile attacks against GSM have been discussed and demonstrated. Still it should be noted that GSM ("2G") has been standardized in the early 90s, followed by the "3G" family of standards in 2000 which in turn is currently superseded (better: complemented) by yet another generation ("4G"). What about their security aspects? In this talk we'll outline 3G and 4G architectures and associated attack paths, enriched by "anecdotes...
Shmoocon 2011
movies
eye 42
favorite 0
comment 0
The Gateway
Shmoocon 2011
by Jon Larimer
movies
eye 42
favorite 0
comment 0
Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years. However, there have been many advances in the usability of Linux as a desktop OS - including the addition of features that can allow Autorun attacks. In this presentation, I'll explain how attackers can abuse these features to gain access to a live system by using a USB flash drive. I'll also show how USB as an exploitation platform can allow for easy bypass of...
Shmoocon 2011
movies
eye 42
favorite 0
comment 0
This talk will introduce Gibson, a tool for modeling real time security events and information in 3D. This tool will allow users to watch a visual representation of threats, defenses and compromises on their systems as they occur, or record them for later analysis and forensics. In addition to continuous monitoring for operational network security, it can be used by strategic and tactical decision makers, or to display the progress and results of cybersecurity training exercises or penetration...
Shmoocon 2011
movies
eye 40
favorite 0
comment 0
New hard drives cannot be fixed using old methods or tools. The introduction of Acoustic Spacers in hard drives forces Data Recovery and Forensic Experts to find a new way to solve this crisis to recover their precious data. Well this talk is gonna show you how! Scott Moulton loves Shmoocon and wants you guys to be the first ones to see this new process. Currently Scott Moulton runs a data recovery company called MyHardDriveDied.com as well as classes teaching his techniques to both the public...
Shmoocon 2011
by Marcia Hofmann
movies
eye 38
favorite 0
comment 0
What do the police need to do to seize your laptop? Can the government force you to turn over passwords or encryption keys? What are the situations in which your data is particularly vulnerable, and what steps can you take to protect it? This talk will teach attendees about their legal rights in information stored on laptops and other digital devices, including at the United States border or other places where the data may be particularly at risk. This talk will also provide practical advice on...
Shmoocon 2011
by Q, Atlas, Cutaway Smash and Slugs on Toast
movies
eye 37
favorite 0
comment 0
Frequency Hopping Spread Spectrum makes the interception of transmitted information difficult. So difficult, in fact, that it has been mistaken as an encryption scheme by those who feel that FHSS cannot be easily defeated. Some commercial vendors that utilize FHSS claim it is superior to encryption technologies because "[i]t is common for new encryption schemes to be hacked within months of implementation." [1] They make these claims even after the fact that attacks against Bluetooth...
Shmoocon 2011
movies
eye 34
favorite 0
comment 0
Keith sat on the park bench and played guitar for coins. Sometimes I would take a break from reading microprocessor manuals and listen. Keith had paranoid schizophrenia. He could explain how the world worked: "There is a great international conspiracy..." he would say. Electromagnetic fields, government satellites, resonant dinner plates, you name it: he had it all figured out. This was back in the days of the 80386, when the CPU had only four levels of indirection in its addressing...
Shmoocon 2011
by Ben Smith
movies
eye 34
favorite 0
comment 0
A printer, who cares... HP's Printer Job Language (PJL)... sounds innocent enough. While researching into how to secure these devices some new malicious abuses have been discovered as well as some fun new uses for old attacks. We will cover how to send SNMP commands to HP printers and get back responses even if SNMP is disabled on the device. As well as discuss some of the other fun that can be had with PJL and its lack of security like printer information gathering, control panel lockout, disk...
Shmoocon 2011
by James Oakley and Sergey Bratus
movies
eye 32
favorite 0
comment 0
All binaries compiled by recent versions of GCC from C++ programs include complex data and dedicated code for exception handling support. The data structures describe the call stack frame layout in the DWARF format bytecode. The dedicated code includes an interpreter of this bytecode and logic to implement the call stack unwinding. Despite being present in a large class of programs -- and therefore potentially providing a huge attack surface -- this mechanism is not widely known or studied. Of...
Shmoocon 2011
by Daniel Kovach
movies
eye 27
favorite 0
comment 0
Many attempts have been made to determine the existence of a heap spray attack, but when we consider their efficacy vs. their run time performance, most fall short. In this paper, we introduce a new technique that differs from the others. We treat heap spray detection as a signal processing problem. We examine process memory as a signal that maps to the interval [0, 256). The number of times each value is seen in memory is collected into a histogram in the preprocessing stage at certain...
Shmoocon 2011
by Deral Heiland “PercX” and Pete Arzamendi “Bokojan”
movies
eye 27
favorite 0
comment 0
In this presentation we go beyond the common printer issues and focus on harvesting data from multifunction printer (MFP) that can be leveraged to gain access to other core network systems. By taking advantage of poor printer security and vulnerabilities during penetration testing we are able to harvest a wealth of information from MFP devices including usernames, email addresses, authentication information including SMB, Email, LDAP passwords. Leveraging this information we have successful...
Shmoocon 2011
movies
eye 25
favorite 0
comment 0
Targeted attacks are now focused at all levels of organization, industry, people, technology, or third parties; they are stealing anything of value. Many companies spend six and seven figures a year to support defending against these organizations. But many organizations do not have the budget, manpower, or feel the need. This presentation is about how to do this using something that you have, in house, or what you can use from open source to start defending yourself. The MacGyver approach,...
Shmoocon 2011
movies
eye 25
favorite 0
comment 0
0wn The Con
Shmoocon 2011
movies
eye 25
favorite 0
comment 0
While a fair amount of research has gone into blocking malicious software (viruses, worms, trojans, spyware, etc.), comparatively less time has gone into researching malicious hardware devices. There are many examples of malicious hardware, to name just a few: backdoored routers, surreptitiously installed hosts that act as pivots on a network, PS/2 key loggers, etc. The topic of malicious hardware can be pretty broad, so we are concentrating this talk specifically on malicious USB devices. USB...
Shmoocon 2011
by Daniel Crowley
movies
eye 24
favorite 0
comment 0
URL shorteners are ubiquitous in today's Internet culture and have a variety of uses for a variety of users. While many have theorized about the security issues and usages involved with URL shortening services (of which there are an impressive number), this talk will aim to demonstrate them, along with interesting statistics such as the percentage of Goatse-equivalent short URLs. Come see what's behind the short URLs: personal documents, private photos, authentication credentials and more!...
Shmoocon 2011
movies
eye 24
favorite 0
comment 0
This talk will introduce Gibson, a tool for modeling real time security events and information in 3D. This tool will allow users to watch a visual representation of threats, defenses and compromises on their systems as they occur, or record them for later analysis and forensics. In addition to continuous monitoring for operational network security, it can be used by strategic and tactical decision makers, or to display the progress and results of cybersecurity training exercises or penetration...
Shmoocon 2011
by Jon Oberheide and Zach Lanier
movies
eye 23
favorite 0
comment 0
Jon and Zach (known as TEAM JOCH) will deconstruct Google's Android mobile platform and its security model, from the base OS, to the Android middleware, up to some case studies using third-party applications. As Android emerges as a leading OS in the mobile market, there's much to be learned from both the victories and failures of Google's design decisions and their impact on Android's security model. TEAM JOCH will show off some fun attacks used to subvert the base Android system as well as...
Shmoocon 2011
by Richard Friedberg
movies
eye 23
favorite 0
comment 0
While many people use netflow for network monitoring or billing, it is also quite useful for detecting malicious network activity. After a quick recap of pros and cons, we'll cover how you can build a sensor and storage system using open source tools such as YAF (Yet Another Flowmeter) and SiLK (System for Internet Level Knowledge), and then move into how you can use these tools to find cool stuff (using recent threats/attacks as examples). We'll demonstrate some of these capabilities, show you...
Shmoocon 2011
by Matthew Pawloski and Fotios Lindiakos
movies
eye 23
favorite 0
comment 0
All enterprise networks implement malware detection capabilities, yet attackers are still breaking in, maintaining their foothold, and exfiltrating data. Today’s most successful and popular attacks involve email with malicious attachments or links to malicious files. While there are many commercial solutions that try to prevent these attacks, no product alone can protect an entire organization. The security community needs an architecture that enables multiple commercial tools, as well as...
Shmoocon 2011
by Peiter "Mudge" Zatko
movies
eye 19
favorite 0
comment 0
DARPA, the Defense Advanced Research Projects Agency, directs billions of dollars towards research. One of these research areas is Cyber. In 2010 DARPA hired "Mudge", the hacker who led the early hackerspace L0pht @stake, to create, direct, and manage cyber research efforts for the Department of Defense. This talk presents the new approaches that the agency is embracing and types of research efforts and how they diverge from traditional cyber efforts. Much of the existing and historic...
Shmoocon 2011
by Trent Lo aka "Surbo"
movies
eye 17
favorite 0
comment 0
This presentation will explore the multiple security issues within Evite and exploit them using Social Engineering attacks for huge lulz. Grab a beer and sit back as you watch the fireworks while the bride confronts her "friend" who just called her fat. Go ahead, click "YES" to that Evite because after this presentation there will be no more dull parties! From taking over accounts, impersonating guests or banning them forever, Evite just got a whole lot more fun. As a...
Shmoocon 2011
by Sarah Edwards
movies
eye 16
favorite 0
comment 0
Everyone knows their life is stored in their iPhones and iPads, but to what extent? Forensic software can quickly and easily extract the data contained in the default applications such as Address Book and Safari. This software can be run by the most inexperienced of investigators and is often just a click of a button to perform an “analysis”. iOS applications have become very prevalent and many people do not know the amount of revealing data that can be found in them. This presentation...
Shmoocon 2011
by G W Ray Davidson III, PhD
movies
eye 16
favorite 0
comment 0
One of the required classes in the Information Technology department at Purdue University Calumet is a senior design class, wherein students use the knowledge obtained in previous classes to design a network to serve a useful purpose. The author has worked on the ShmooCon Labs team for the past 3 years, and (perhaps due to cabin fever induced by the Shmoopocalypse of 2010) used that experience as the inspiration for the design project in Spring of 2010. Students were given the assignment to...
Shmoocon 2011
movies
eye 16
favorite 0
comment 0
Opening Remarks
Shmoocon 2011
movies
eye 15
favorite 0
comment 0
Saturday Fire Talks
Shmoocon 2011
movies
eye 14
favorite 0
comment 0
Friday Fire Talks
Shmoocon 2011
movies
eye 13
favorite 0
comment 0
Over the past year, a number of significant wireless privacy issues arose that influenced public policy and adjusted social expectations of private communications. Within the Office of the Privacy Commissioner of Canada, a team of research analysts has been tracking these issues, and have also applied their expertise for formal technical investigations. In this talk, I will focus on one of our Office's most high-profile cases of 2010: Google's collection of wireless payload data. I will provide...
Shmoocon 2011
by Axelle Apvrille and Kyle Yang
movies
eye 11
favorite 0
comment 0
Nowadays, many banks try to secure their online transactions by sending an additional one-time password by SMS (mTAN) to the end-user. Unfortunately, in September 2010, the infamous ZeuS gang has written a new version, named Zitmo, which defeats this method. Mainly, Zitmo consists in infecting the end-user's mobile phone with a trojan that intercepts SMS on the phone. The whole operation is difficult to spot even to security-aware specialists. This presentation explains how the attack works,...